protected override Task <HttpResponseMessage> SendAsync
(
HttpRequestMessage request,
CancellationToken cancellationToken
)
{
IEnumerable <string> authorizationValue;
var hasAutorization = request.Headers.TryGetValues("X-PATRONS-AUTH-TOKEN", out authorizationValue);
if (hasAutorization)
{
var token = authorizationValue.First();
/*-----------------------------------------------------------------------------------------
* INSPECT TOKEN TO SEE IF USER EXISTS AND TOKEN HAS NOT EXPIRED
* -----------------------------------------------------------------------------------------*/
DateTime timeStampTokenCreated;
DateTime timeStampTokenExpires;
IWinstarDataModel winstarDataModel = AuthTokenHelper.UnPackAuthToken(token, out timeStampTokenCreated, out timeStampTokenExpires);
//IF TOKEN EXPIRES TIMESTAMP IS LESS THAN NOW, ABORT
if (timeStampTokenExpires < DateTime.Now)
{
return(CreateUnauthorizedResponse("Authorization has expired. Please login again."));
}
//GET USER
IUserModel currentUser = SecurityHelper.GetWinstarPatron(winstarDataModel);
//IF USER IS UNKNOWN, THEN ABORT
if (currentUser == null)
{
return(CreateUnauthorizedResponse("User is unknown."));
}
//CAPTURE DATA FOR USE IN CONTROLLERS (SEE SecureApiController)
ObjectFactory.Configure(x => x.For <IWinstarDataModel>().Singleton().Use(winstarDataModel));
ObjectFactory.Configure(x => x.For <IUserModel>().Singleton().Use(currentUser));
//CONVERT CURRENT USER TO AN AUTHENTICATED USER
Thread.CurrentPrincipal = currentUser.ToClaimsPrincipal();
//SET HTTP CONTEXT CURRENT USER TO AUTHENTICATED USER
if (HttpContext.Current != null)
{
HttpContext.Current.User = Thread.CurrentPrincipal;
}
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
return task.Result;
}));
}
/// <summary>
/// LOGIN AND AUTHENTICATE USER VIA A LOGIN FORM
/// </summary>
/// <param name="loginModel"></param>
/// <returns></returns>
public static IUserModel GetWinstarPatron(IWinstarDataModel dataModel)
{
var MOC = new WinStarSoap.MobileOffersClient();
var userName = dataModel.UserName;
var password = dataModel.Password;
var facility = dataModel.Facility;
var ipAddress = dataModel.IpAddress;
try
{
WinStarSoap.patron patron = MOC.getPatron(userName, password, facility, ipAddress);
IUserModel userModel = new UserModel();
userModel.AcctType = patron.acctType;
userModel.DOB = patron.dob;
userModel.FirstName = patron.firstName;
userModel.MiddleInit = patron.midInit;
userModel.LastName = patron.lastName;
userModel.PhoneNumber = patron.phone;
userModel.MobileNumber = patron.mobile;
userModel.EmailAddress = patron.email;
userModel.EmailFlag = (patron.emailFlag == "Y");
userModel.AddressLine1 = patron.addr1;
userModel.AddressLine2 = patron.addr2;
userModel.City = patron.city;
userModel.State = patron.state;
userModel.Zip = patron.zip;
userModel.CashAvailable = patron.cashAvailable;
userModel.CurrentCardLevel = patron.currentCardLevel;
userModel.CurrentPoints = patron.currentPoints;
userModel.PointsAvailable = patron.pointsAvailable;
userModel.PointsToNextLevel = patron.pointsToNextLevel;
userModel.PointsToNextLevelByDate = patron.pointsToNextLevelByDate;
userModel.NextCardLevel = patron.nextCardLevel;
userModel.SixMonthADT = patron.sixMonthADT;
userModel.Facility = patron.facility;
userModel.IsGolfMember = (patron.golfMember == "Y");
userModel.HostFlag = patron.hostFlag;
userModel.NewsFlag = patron.newsFlag;
userModel.HostName = patron.hostName;
userModel.Token = patron.token;
userModel.ErrorNumber = patron.error;
return(userModel);
}
catch (Exception ex)
{
throw new Exception("Error happened retrieving patron", ex);
}
}
private static String Encrypt(IWinstarDataModel userModel)
{
var tokenExpiresHours = int.Parse(ConfigurationManager.AppSettings["Max_Token_Expires_Hours"]);
var tokenCreated = DateTime.Now.Ticks;
var tokenExpiration = DateTime.Now.AddHours(tokenExpiresHours).Ticks;
/*
* TOKEN IS COMPRISED OF THE FOLLOWING INFORMATION:
* 0: USER NAME
* 1: PASSWORD
* 2: FACILITY
* 3: IP ADDRESS
* 4: TOKEN CREATED TIME STAMP
* 5: TOKEN EXPIRATION TIMESTAMP
*/
var encodedValue = EncodeTo64(String.Format("{0}:{1}:{2}:{3}:{4}:{5}", userModel.UserName, userModel.Password, userModel.Facility, userModel.IpAddress, tokenCreated, tokenExpiration));
var rsa = new RSACryptoServiceProvider();
rsa.FromXmlString(PublicKey);
var dataToEncrypt = Encoder.GetBytes(encodedValue);
var encryptedByteArray = rsa.Encrypt(dataToEncrypt, false).ToArray();
var length = encryptedByteArray.Count();
var item = 0;
var sb = new StringBuilder();
foreach (var x in encryptedByteArray)
{
item++;
sb.Append(x);
if (item < length)
{
sb.Append(",");
}
}
return(sb.ToString());
}
/// <summary>
/// BASE CONTROLLER
/// </summary>
public SecureApiController()
{
CurrentUser = ObjectFactory.GetInstance <IUserModel>();
WinstarDataModel = ObjectFactory.GetInstance <IWinstarDataModel>();
}
/// <summary>
/// CONVERTS USER MODEL TO AUTHENTICATED USER (EXTENDS IUserModel)
/// </summary>
/// <param name="currentUser"></param>
/// <param name="winstarDataModel"></param>
/// <returns></returns>
public static IAuthenticatedUser ToAuthenticatedUser(this IUserModel currentUser, IWinstarDataModel winstarDataModel)
{
var token = AuthTokenHelper.GenerateAuthToken(winstarDataModel);
var autehnticatedUser = new AuthenticatedUser
{
CurrentUser = currentUser,
Token = token
};
return(autehnticatedUser);
}
public static String GenerateAuthToken(IWinstarDataModel userModel)
{
return(Encrypt(userModel));
}